Since the introduction of AirDrop and Handoff, Apple products utilize some of the most convenient and hassle-free methods for multi-device data sharing.
This is possible because of the development of their zero-configuration technologies, which use services like Bonjour, Bluetooth, and Wi-Fi to have devices on the same network communicate with each other easily.
However, according to security researchers from Indiana University Bloomington and Tsinghua University Beijing, this convenience has a price.
As reported by Forbes, the researchers are saying that these zero-configuration methods do not have sufficient authentication mechanisms in place. These security holes could then be exploited to execute man-in-the-middle attacks for deploying malware and for intercepting data.
As demonstrated in one attack, they were able to exploit Bonjour, Apple's service for locating devices on a network, by assigning a malware with the same name as a local printer. Since Bonjour does not verify devices properly, they could then steal any documents or photos shared between Apple devices and printers in the same network. They added that any Bonjour service, not just printer discovery, is susceptible to such attacks.
They also successfully stole notifications from an iPhone by exploiting Handoff, Apple's service for sharing activities between devices, by slipping a malicious app through the Apple App Store then installing it on the phone. Once a Bluetooth connection was established between an iPhone and a Mac, they were able to steal every notification, including text and email alerts, with the rogue app.